<?php
// Start (or resume) the PHP session. The request handling at the end of this
// file keeps the issued verification code and the per-number last-send
// timestamp in $_SESSION.
session_start();


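 /**
  * Send a verification code by SMS through the HTTP gateway configured below.
  *
  * The request is a plain GET whose query string carries the account name, the
  * MD5 hex digest of the account password, the destination number and the
  * message text.
  *
  * NOTE(review): the gateway account and password are hard-coded in this file
  * and the base URL is http://, so credentials, phone number and code cross the
  * network unencrypted. Load the credentials from configuration kept outside
  * the web root, rotate the ones committed here, and use an https:// endpoint
  * if the provider offers one (confirm with the provider).
  *
  * @param mixed $code  Verification code to put in the message; falsy values are rejected.
  * @param mixed $phone Destination number; falsy values are rejected.
  * @return bool true only when the gateway answered with the success code "0".
  */
 function sendsms($code ,$phone)
{
    if (!$code || !$phone) {
        return false;
    }

    $content = '[VIC]您的验证码为'.$code.'，在10分钟内有效。';
    $smsapi = "http://api.smsbao.com/"; // SMS gateway base URL
    $user = 'xjx0422xcp'; // gateway account name
    $pass = md5('xjx0422'); // gateway password, sent as its MD5 hex digest

    // Encode every parameter, not just the message text: an unencoded phone
    // value containing '&' or '#' would otherwise rewrite the gateway query.
    $query = http_build_query(
        array('u' => $user, 'p' => $pass, 'm' => (string) $phone, 'c' => $content),
        '',
        '&'
    );
    $sendurl = $smsapi.'sms?'.$query;

    // On a transport failure file_get_contents() returns false and raises a
    // warning that contains the full URL (credentials included); keep
    // display_errors off in production so it only reaches the log.
    $result = file_get_contents($sendurl);
    if ($result === false) {
        // The loose `$result != 0` test used previously treated false as
        // success, so a failed request was reported as a delivered SMS.
        return false;
    }

    // Success is the literal code "0"; any other body is an error.
    return trim($result) === '0';
}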

//$AppKey = '';
//$AppSecret = '';
// $p = new ServerAPI($AppKey,$AppSecret,'fsockopen');		//fsockopen伪造请求
//$p = new ServerAPI($AppKey,$AppSecret,'curl');		//php curl库
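/**
 * Generate a random code of $length characters.
 *
 * The result is used as an SMS verification code, so every character is drawn
 * with random_int() (CSPRNG, PHP 7.0+) rather than mt_rand(), whose output is
 * predictable once its state is recovered. Characters are drawn one at a time,
 * which also removes the integer-range limit the previous
 * pow(10, $length) computation had for long numeric codes.
 *
 * @param int      $length  Number of characters to produce.
 * @param int|bool $numeric Truthy: digits 0-9 only (leading zeros possible).
 *                          Falsy: letters and digits, leaving out 0, 1, I, O, i, l and o.
 * @return string The generated code.
 * @throws Exception When random_int() cannot obtain an entropy source.
 */
function random($length = 6 , $numeric = 0) {
    $chars = $numeric
        ? '0123456789'
        : 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789abcdefghjkmnpqrstuvwxyz';
    $max = strlen($chars) - 1;

    $hash = '';
    for ($i = 0; $i < $length; $i++) {
        $hash .= $chars[random_int(0, $max)];
    }
    return $hash;
}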
/**
 * Trim a request value and reject it when it matches a keyword deny-list.
 *
 * The pattern is unanchored and case-insensitive, so it matches the listed
 * words anywhere inside the value (for example "or" inside an ordinary word),
 * as well as characters such as <, `, %, quotes, * and ./ sequences. The
 * literal 'chark_sheng' is exempted even though it contains "char".
 *
 * On a match the function prints a JavaScript alert that sends the browser
 * back one page and terminates the script; it does not return.
 *
 * NOTE(review): a keyword deny-list is not a dependable injection defence.
 * Validate each field against the format it must have (digits for a phone
 * number) and use parameterised queries and context-specific output encoding
 * wherever the value is used.
 *
 * @param string $strsql Raw value to check.
 * @return string The trimmed value when it is accepted.
 */
function checkstr($strsql)
{
    $value = trim($strsql);
    $pattern = '/select|or|and|char|create|drop|database|table|insert|script|function|update|delete|exec|system|passthru|shell_exec|<|\`|\%|\"|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
    $flagged = preg_match($pattern, $value);

    // Accepted: nothing on the deny-list matched, or the value is the one exempted literal.
    if (!$flagged || $value == 'chark_sheng') {
        return $value;
    }

    echo "<script language='javascript'>alert('您输入的信息存在非法字符！');history.go(-1)</script>";
    exit;
}

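// ---- Request handling: issue an SMS verification code for ?phone=...&nat=... ----
//
// NOTE(review): the 60-second resend limit below is stored in the caller's own
// session, so it only binds clients that keep their session cookie. Add a
// server-side limit keyed on the destination number and the client address
// (database or cache) to stop this endpoint being used to flood a number with
// messages or to run up gateway cost.

// A missing or non-string (array) parameter is treated as empty instead of
// reaching trim() inside checkstr().
$rawPhone = (isset($_GET['phone']) && is_string($_GET['phone'])) ? $_GET['phone'] : '';
$mobile = checkstr($rawPhone);
if(empty($mobile)){
    echo json_encode(array('res'=>'手机号码不能为空'));
    exit;
}
// The number is placed in the gateway URL and used as a session key: accept digits only.
if(!ctype_digit($mobile)){
    echo json_encode(array('res'=>'手机号码格式不正确'));
    exit;
}

if(!empty($_SESSION["a".$mobile])){
    if(time()-$_SESSION["a".$mobile]<60){
        echo json_encode(array('res'=>"一分钟只允许发一次短信！"));
        exit;
    }
}

// Country calling code; defaults to 86 (mainland China) when not supplied.
$nat = 86;
if(isset($_GET['nat'])){
    $nat = is_string($_GET['nat']) ? ltrim(checkstr($_GET['nat']), '+') : '';
    if(!ctype_digit($nat)){
        echo json_encode(array('res'=>"failed"));
        exit;
    }
}

if((int)$nat !== 86){
    // Only +86 numbers are sent through the gateway below. This branch used to
    // store the code in the session and echo it back in 'res', which gives the
    // verification code to whoever made the request rather than to the owner
    // of the phone, so any non-86 number could be "verified" without
    // possessing it. Fail closed until codes for other country codes are
    // delivered out-of-band.
    echo json_encode(array('res'=>"failed"));
    exit;
}

$mobile_code = random(6,1);
$result = sendsms($mobile_code,$mobile);
if($result){
    // Record the send time (for the resend limit) and the issued code only
    // after the gateway accepted the message.
    $_SESSION["a".$mobile]=time();
    $_SESSION['mobile'] = $mobile;
    $_SESSION['mobile_code'] = $mobile_code;
    $_SESSION['nat']=$nat;
    echo json_encode(array('res'=>"发送成功，请注意查收！"));
    exit;
}

// Gateway rejected the message or could not be reached.
echo json_encode(array('res'=>"failed"));
exit;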
?>